package com.luci.security.support;

import java.io.IOException;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.FilterInvocation;

/**
 * 授权相关接口
 *
 * @author yuyanan01@beyondsoft.com
 * @version 1.0
 * @date 18-11-2
 */
public interface IAuth {

    /**
     * <pre>
     *     basic认证
     *     每次请求接口 验证token合法性
     * </pre>
     *
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @return Authentication
     */
    Authentication basic(HttpServletRequest request, HttpServletResponse response);

    /**
     * <pre>
     *     获取url所需要的角色集合
     *     如果该url不需要鉴定权限 则直接跳过
     * </pre>
     *
     * @return Collection<ConfigAttribute>
     */
    Collection<ConfigAttribute> getRolesByUrl(FilterInvocation filterInvocation);

    /**
     * 授权
     *
     * @param authentication 用户主体
     * @param configAttributes url所需要的权限
     * @param filterInvocation FilterInvocation
     */
    void decide(Authentication authentication, Collection<ConfigAttribute> configAttributes,
                FilterInvocation filterInvocation);

    /**
     * 登录后访问失败处理器
     *
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @param e AccessDeniedException
     * @throws IOException IOException
     */
    void accessDenied(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e)
        throws IOException;

    /**
     * 登录前访问失败
     *
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @param authException AuthenticationException
     * @throws IOException IOException
     */
    void anonymousDenied(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException;


}
